By Devin Partida, Editor-in-Chief, ReHack.com
Physical security and cybersecurity used to be separate fields, and most businesses still treat them as such. However, as the internet of things (IoT) has brought the digital and physical worlds together, the two are no longer separate. Reliable security today must combine these two once distinct practices.
Recent high-profile infrastructure attacks highlight the need for physical and cybersecurity convergence. In March 2021, hackers breached more than 150,000 security cameras, publishing video feeds from jails, psychiatric wards, and even schools. Reliance on IoT security devices exposes physical defenses to cyberattacks.
In light of these threats, here’s how businesses can incorporate cybersecurity into their physical security strategy.
1. Combine Physical and IT Security Teams
Physical and cybersecurity convergence begins at an organizational level. Companies can’t hope to coordinate combined IT and physical security efforts if these teams work separately. While many aspects of physical and IT security are still separate, these employees must work together to ensure one side doesn’t hinder the other.
The most straightforward way to deal with this is to merge the two teams into a single department. These employees may spend most of their time apart, but their training should overlap, and they should cooperate on any changes to either side. Businesses may want to install a single CSO as the head of both teams to enable more seamless coordination.
2. Keep Critical Systems Separate
One of the most significant risks with connected physical security is seemingly innocuous IoT devices providing access to more critical systems. Cybercriminals could hack into a security camera to access sensitive data on a server on the same network. Conversely, an IT device could provide hackers the access they need to control physical security systems.
Businesses must keep critical security systems on separate networks to prevent these types of attacks. Segmenting networks will ensure a hacker can’t access security infrastructure from an IT IoT device and vice versa.
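As an added illustration of the segmentation check described above (not code from the article), this Python example audits an ordered firewall rule list for any path between segments that should be isolated. The segment names, address ranges and rule format are constructed assumptions, as are the first-match and default-deny semantics.

```python
from ipaddress import ip_network
from itertools import permutations

# Constructed sample data: segment names, CIDRs and rules are assumptions.
SEGMENTS = {
    "physical-security": ip_network("10.20.0.0/24"),  # cameras, gates, ID scanners
    "it-servers": ip_network("10.10.0.0/24"),
    "office-iot": ip_network("10.30.0.0/24"),
}
# Ordered (action, source, destination) rules; first match wins, default deny.
RULES = [
    ("deny", "10.20.0.0/24", "10.10.0.0/24"),
    ("allow", "10.30.0.0/24", "10.20.0.0/24"),
    ("allow", "10.0.0.0/8", "10.10.0.0/24"),
]

def cross_segment_exposures(segments, rules):
    """Return (src_segment, dst_segment, rule_index) for every ordered pair of
    segments that an allow rule lets communicate. The check is conservative:
    a deny rule only clears a pair when it covers both segments entirely."""
    parsed = [(a, ip_network(s), ip_network(d)) for a, s, d in rules]
    findings = []
    for (src_name, src), (dst_name, dst) in permutations(segments.items(), 2):
        for index, (action, rule_src, rule_dst) in enumerate(parsed):
            if not (rule_src.overlaps(src) and rule_dst.overlaps(dst)):
                continue  # rule does not touch this pair of segments
            if action == "allow":
                findings.append((src_name, dst_name, index))
                break
            if src.subnet_of(rule_src) and dst.subnet_of(rule_dst):
                break  # whole pair is denied before any allow rule applies
    return findings

if __name__ == "__main__":
    for src, dst, idx in cross_segment_exposures(SEGMENTS, RULES):
        print(f"{src} can reach {dst} via rule {idx}: {RULES[idx]}")
```

In the sample rules, the broad 10.0.0.0/8 allow does not expose the servers to the camera segment because the earlier deny shadows it, but it does expose them to the office IoT segment.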
3. Enable Manual Overrides for Automated Equipment
Many companies use connected security equipment to automate routine processes, but they must also understand the risks. For example, electric security gates reduce staffing requirements and raise productivity but can be susceptible to cyberattacks that could keep them open or shut. In light of that risk, businesses should have a manual override system in place.
Automation can be a helpful tool as long as employees can override it in an emergency. If a cyberattack targets an automated gate to open it, workers should be able to close it manually, mitigating further risks.
4. Train Security Staff Against Social Engineering
Another crucial aspect of physical and cybersecurity convergence is combining training between these teams. Most notably, physical security employees must understand social engineering threats and how to stop them. Social engineering attacks have grown increasingly sophisticated and common recently, potentially jeopardizing physical security.
One penetration tester said that nine out of 10 times, workers don’t question his presence if he walks in dressed as an executive. Security officers must learn tactics like this that cybercriminals may use to access critical systems. When they know what risks they face, they can better defend against them.
5. Update All Systems Regularly
As companies install more IoT security devices, they must ensure they keep them up to date. While updates are easy to overlook, the growing convergence between IT and operational technology (OT) in security makes them essential. Outdated software could make connected cameras, gates, or ID scanners vulnerable to new attack methods.
If possible, businesses should enable automatic updates. Physical security teams should also work with cybersecurity professionals to ensure their systems feature protocols for verifying over-the-air updates.
Cybersecurity and Physical Security Are No Longer Separate
The lines between physical and digital systems are blurring, and security must follow the same trend. As attacks on infrastructure grow increasingly common, businesses must incorporate cybersecurity into their safeguard systems. Without following these steps, embracing new security technologies may create more risks than benefits.
Devin Partida is an industrial tech writer and the Editor-in-Chief of ReHack.com, a digital magazine for all things technology, big data, cryptocurrency, and more.